Andy Shellam (Mailing Lists)
2007-Oct-21 16:44 UTC
[Dovecot] Upgrade from 1.0.1 -> 1.0.5 failed (rc 75)
Hi,
I'm using a mixture of Exim, Dovecot and Deliver. Exim receives the
mail and validates the user against our database, then pipes the e-mail
to deliver which puts it in the right mailbox.
We were running Exim 4.67 and Dovecot 1.0.1, and today I did an in-place
upgrade to Dovecot 1.0.5 and Exim 4.68.
However, now Exim is failing deliveries saying deliver returned code
75. If I examine the dovecot log file, I'm getting errors like:
deliver(andy.shellam-lists at mailnetwork.co.uk): Oct 21 17:19:49 Fatal:
chroot(/users/mail/andy.shellam-lists at mailnetwork.co.uk) failed:
Operation not permitted
All mailboxes are owned by user "dovecot-mail" and group
"localservice",
with user and group having full permissions, and other having no access
(0770).
None of the config files (Exim nor Dovecot's) have changed, nor have
permissions on the mailbox paths, and Dovecot can still access the
mailboxes through IMAP just fine.
If I delete the dovecot log-file and force a mail delivery, the log gets
re-created with mode 0644 and owner dovecot-auth:localservice, which
confirms the user running dovecot is the same group, so why doesn't it
have permissions?
I've read on another message that return code 75 is EX_TEMPFAIL, what
does this mean?
My sendmail_path is the correct path to Exim, verified by killing Exim
and copying and pasting the command to start it back up again.
Any advice would be appreciated, as I may have to restore back to 1.0.1.
Thanks,
Andy
dovecot -n:
# 1.0.5: /usr/local/dovecot/etc/dovecot.conf
base_dir: /var/run/dovecot/
log_path: /mndata/logs/dovecot.current.log
protocols: imap
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/dovecot/libexec/dovecot/imap-login
login_user: dovecot-login
login_greeting: SystemVDM2 ready.
login_processes_count: 5
valid_chroot_dirs: /mndata/mail
mail_chroot: /mndata/mail
first_valid_uid: 1013
last_valid_uid: 1013
first_valid_gid: 1002
last_valid_gid: 1002
mail_extra_groups: localservice
mailbox_idle_check_interval: 60
maildir_copy_with_hardlinks: yes
namespace:
type: private
separator: .
prefix: INBOX.
inbox: yes
auth default:
mechanisms: plain login
default_realm: mailnetwork.co.uk
user: dovecot-auth
username_translation: +@
username_format: %Lu
passdb:
driver: sql
args: /usr/local/dovecot/etc/dovecot-sql.conf
userdb:
driver: sql
args: /usr/local/dovecot/etc/dovecot-sql.conf
socket:
type: listen
master:
path: /var/run/dovecot/auth-master
mode: 432
user: dovecot-auth
group: localservice
On Sun, 21 Oct 2007, Andy Shellam (Mailing Lists) wrote:> deliver(andy.shellam-lists at mailnetwork.co.uk): Oct 21 17:19:49 Fatal: > chroot(/users/mail/andy.shellam-lists at mailnetwork.co.uk) failed: Operation > not permittedOnly programs running as UID 0 (root) are allowed to use the chroot system call. Does your use of chroot() for deliver represent something new in your config, or if not, in the way Dovecot interprets your config? -- Asheesh. -- A reverend wanted to telephone another reverend. He told the operator, "This is a parson to parson call."
On Sun, 2007-10-21 at 17:44 +0100, Andy Shellam (Mailing Lists) wrote:> deliver(andy.shellam-lists at mailnetwork.co.uk): Oct 21 17:19:49 Fatal: > chroot(/users/mail/andy.shellam-lists at mailnetwork.co.uk) failed: > Operation not permittedEarlier deliver versions ignored chroot setting, which was a bug. So you have two choices: 1) Make deliver setuid-root so it can chroot. See "Multiple UIDs" section in http://wiki.dovecot.org/LDA 2) Disable chrooting with deliver. I think you can do this by updating the protocol lda section: protocol lda { .. mail_chroot } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20071021/22a811fe/attachment-0002.bin>